Search Results for "network analysis"

...The majority of tools published in the article: Top 125 Security Tools by INSECURE.ORG are available in the toolkit. An advanced Web User Interface (WUI) is provided for system/network administration, navigation, automation, network monitoring, host geolocation, network analysis and configuration of many network and security applications found within the NST distribution. In the virtual world, NST can be used as a network security analysis, validation and monitoring tool on enterprise virtual servers hosting virtual machines.

Simple Event Correlator (SEC) is a lightweight event correlator for network management, log file monitoring, security management, fraud detection, and other tasks which involve event correlation.

This is the fork of the SHADOW IDS produced in 2003. It has been updated to work on modern (SystemD, OpenRC) GNU suites. The original developers added the plugable architecture. It has been tweaked for TSHARK. It requires a CGI web server. It will run tcpdump 24x7x???. It will render initial analysis, and searchability. # idabench Version 1.0.1 idabench is public domain software and may be freely used and # distributed with or without modification....

We have migrated development of Sagacity to GitHub at https://github.com/cyberperspectives/sagacity Sagacity is a vulnerability assessment and STIG compliance data management tool designed to make security testing more efficient, effective and complete. Security assessments, especially those done for DoD and Federal organizations, produce tremendous amounts of scan and compliance data that security engineers must sort through and deconflict, identify untested requirements, and somehow...

Logs Analyzer, Alerter & Reporter with a Web Interface

OSSIM, AlienVault’s Open Source Security Information and Event Management (SIEM) product, provides event collection, normalization and correlation. For more advanced functionality, AlienVault Unified Security Management (USM) builds on OSSIM with these additional capabilities: * Log management * Advanced threat detection with a continuously updated library of pre-built correlation rules * Actionable threat intelligence updates from AlienVault Labs Security Research Team * Rich...

OpenCloudAV is the first open source multi-engine based malware analysis service from the network cloud. This project is in alpha release, run only in GNU/Linux, and is mainly developed using Perl SOAP::Lite module. Version 0.2 alpha is available now

DAD is a Windows event log and syslog management tool that allows you to aggregate logs from hundreds to thousands of systems in real time. DAD requires no agents on the servers or workstations. Correlation and analysis is driven through a web front end.

Ourmon is a network monitoring and anomaly detection system and displays the data for multiple BPF expressions via RRDTOOL-based graphs. It also helps the user identify various kinds of network anomalies using various flow analysis tools and logging.

Scripts to run Nmap and analyze results in very large networks.

BASE is the Basic Analysis and Security Engine. It is based on the code from the Analysis Console for Intrusion Databases (ACID) project. This application provides a web front-end to query and analyze the alerts coming from a SNORT IDS system.

Kojoney is an easy of use, secure, robust and powerfull Honeypot for the SSH Service written in Python. With the kojoney daemon are distributeds other tools such as kip2country (IP to Country) and kojreport, a tool to generate reports from the log fi

SURFnet IDS, a Distributed Intrusion Detection System (D-IDS). The goal is to provide an early warning system which lets system administrators correlate known and unknown exploits to attacks directed towards their networks.

What are the packets rejected by your Netfilter based firewall today ? How often this suspicious host try to connect to your box ? What are the most rejected domains ? Who is this strange host which scan your ports ? The responses are in the iptables log

System to track and report network break-in attempts via ssh and other protocols.

A statistical view of the recorded activity on a Honeynet. A mechanism for a honeynet to present some information about its findings over the web. This is done by a statistical analysis on the inbound firewall logs recorded by the honeynet's firewall.

readlog is a pair of scripts for reviewing iptables firewall logs via a handy web interface using a MySQL backend.

SrvReport is a simple and featurefull server monitoring and reporting system. It will send every day a mail with the latest state of the server including traffic (via /proc/net/dev and/or iptables), cpu, mail, http, ftp reports and other logs.

Green Screen: A Linux based Advanced Syslog Server for Juniper NetScreen Firewalls - Can be expanded later to support other products. It can capture syslog messages, parse them, store them in a MySQL database. A Web GUI interface is also included.

SLOP is a PERL and PHP based engine for the collection of and reporting on logs from various network based devices such as firewalls, switches, and web servers. So far, SLOP supports Checkpoint firewalls and Cisco 2900 and 3500 switches.

- language perl / library Graph, XML::LibXML - OS platforms, all platform that support perl and lsof tool - This software aims to realize an HIDS, based on programs behaviour modelling.

PACIE (Perl Analysis Console for Intrusion Events) Attempts to be a complete replacement for ACID. Place this cgi script on your internal webserver and receive powerfull reporting on your current snort database.

Shoki is a free, open source network intrusion detection system. The fundamental design goals are simplicity and modularity, and the focus is on traffic analysis rather than content inspection.

Distributed Syslog collector and viewer system with reliable Syslog msgs over tcp, and query with reg ex. using PERL. Supports IETF syslog and syslog relay, JAVA/JINI based, uses postgreSQL, JBOSS. Chain of custody raw to db data link. UTF8, D, F , UK

my-swatch pretends to be an implementation of msyslog and swatch together. What it pretends to accomplish is put all together, to log events to a remote database (like msyslog) and to awake triggers (like swatch).